WHID 2006-26: Yahoo XSS used for phishing

An XSS vulnerability in Yahoo Mail is actively exploited for targeted phishing.

Additional information:

Alert - Yahoo! Webmail XSS [Cesar Cerrudo, Argeniss, Apr 17 2006]
Alert - Yahoo! Mail XSS vulnerability [Cesar Cerrudo, Argeniss, Apr 28 2006]

Attack Method:

Cross Site Scripting (XSS)

Incident Outcome:

Add new comment